diff --git a/2021/36xxx/CVE-2021-36759.json b/2021/36xxx/CVE-2021-36759.json index 717741d8eca..5e450ffe2c5 100644 --- a/2021/36xxx/CVE-2021-36759.json +++ b/2021/36xxx/CVE-2021-36759.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-36759", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-35342. Reason: This candidate is a reservation duplicate of CVE-2021-35342. Notes: All CVE users should reference CVE-2021-35342 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2023/23xxx/CVE-2023-23656.json b/2023/23xxx/CVE-2023-23656.json index ff91862eb8d..bb926a6507b 100644 --- a/2023/23xxx/CVE-2023-23656.json +++ b/2023/23xxx/CVE-2023-23656.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23656", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MainWP", + "product": { + "product_data": [ + { + "product_name": "MainWP File Uploader Extension", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "4.1.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/mainwp-file-uploader-extension/wordpress-mainwp-file-uploader-extension-plugin-4-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/mainwp-file-uploader-extension/wordpress-mainwp-file-uploader-extension-plugin-4-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.1.1 or a higher version." + } + ], + "value": "Update to 4.1.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dave Jong (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/25xxx/CVE-2023-25965.json b/2023/25xxx/CVE-2023-25965.json index 56b4cac411b..f1283c2f695 100644 --- a/2023/25xxx/CVE-2023-25965.json +++ b/2023/25xxx/CVE-2023-25965.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25965", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume.This issue affects Upload Resume: from n/a through 1.2.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mbbhatti", + "product": { + "product_data": [ + { + "product_name": "Upload Resume", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/resume-upload-form/wordpress-upload-resume-plugin-1-2-0-sensitive-data-exposure-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/resume-upload-form/wordpress-upload-resume-plugin-1-2-0-sensitive-data-exposure-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "MyungJu Kim (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/27xxx/CVE-2023-27440.json b/2023/27xxx/CVE-2023-27440.json index b3223e54084..ddb463d5816 100644 --- a/2023/27xxx/CVE-2023-27440.json +++ b/2023/27xxx/CVE-2023-27440.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-27440", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OnTheGoSystems", + "product": { + "product_data": [ + { + "product_name": "Types", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.4.18", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.4.17", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/types/wordpress-toolset-types-plugin-3-4-17-authenticated-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/types/wordpress-toolset-types-plugin-3-4-17-authenticated-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.4.18 or a higher version." + } + ], + "value": "Update to 3.4.18 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dave Jong (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/27xxx/CVE-2023-27459.json b/2023/27xxx/CVE-2023-27459.json index 2d53fd4237d..9eac420bad5 100644 --- a/2023/27xxx/CVE-2023-27459.json +++ b/2023/27xxx/CVE-2023-27459.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-27459", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WPEverest", + "product": { + "product_data": [ + { + "product_name": "User Registration", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.3.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.3.2.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/user-registration/wordpress-user-registration-plugin-2-3-2-1-authenticated-php-object-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/user-registration/wordpress-user-registration-plugin-2-3-2-1-authenticated-php-object-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.3.3 or a higher version." + } + ], + "value": "Update to 2.3.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/27xxx/CVE-2023-27630.json b/2023/27xxx/CVE-2023-27630.json index 3b393c0ed24..6d9f298fb44 100644 --- a/2023/27xxx/CVE-2023-27630.json +++ b/2023/27xxx/CVE-2023-27630.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-27630", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.0.9.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PeepSo", + "product": { + "product_data": [ + { + "product_name": "Community by PeepSo", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "6.1.0.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "6.0.9.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-plugin-6-0-9-0-server-information-disclosure?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-plugin-6-0-9-0-server-information-disclosure?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 6.1.0.0 or a higher version." + } + ], + "value": "Update to 6.1.0.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dave Jong (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/28xxx/CVE-2023-28687.json b/2023/28xxx/CVE-2023-28687.json index b66eb0c9ff9..fa0df9521e2 100644 --- a/2023/28xxx/CVE-2023-28687.json +++ b/2023/28xxx/CVE-2023-28687.json @@ -1,17 +1,225 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28687", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS.This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: from n/a through 1.0.8; Cream Blog: from n/a through 2.1.3; Cream Magazine: from n/a through 2.1.4.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "perfectwpthemes", + "product": { + "product_data": [ + { + "product_name": "Glaze Blog Lite", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.1.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "<= 1.1.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "themebeez", + "product": { + "product_data": [ + { + "product_name": "Fascinate", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.0.9", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.0.8", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Cream Blog", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.1.4", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.1.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Cream Magazine", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.1.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.1.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/glaze-blog-lite/wordpress-glaze-blog-lite-theme-1-1-4-cross-site-scripting-xss-vulnerability", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/glaze-blog-lite/wordpress-glaze-blog-lite-theme-1-1-4-cross-site-scripting-xss-vulnerability" + }, + { + "url": "https://patchstack.com/database/vulnerability/fascinate/wordpress-fascinate-theme-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/fascinate/wordpress-fascinate-theme-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve" + }, + { + "url": "https://patchstack.com/database/vulnerability/cream-blog/wordpress-cream-blog-theme-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/cream-blog/wordpress-cream-blog-theme-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + }, + { + "url": "https://patchstack.com/database/vulnerability/cream-magazine/wordpress-cream-magazine-theme-2-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/cream-magazine/wordpress-cream-magazine-theme-2-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update Glaze Blog Lite to 1.1.5; Fascinate to 1.0.9; Cream Blog to 2.1.4; Cream Magazine to 2.1.5 or higher versions." + } + ], + "value": "Update Glaze Blog Lite to\u00a01.1.5;\u00a0Fascinate to 1.0.9; Cream Blog to\u00a02.1.4; Cream Magazine to 2.1.5 or higher versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "L\u00e1szl\u00f3 Radnai (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/28xxx/CVE-2023-28787.json b/2023/28xxx/CVE-2023-28787.json index 0852dd3d3e5..f44773e5de0 100644 --- a/2023/28xxx/CVE-2023-28787.json +++ b/2023/28xxx/CVE-2023-28787.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28787", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ExpressTech", + "product": { + "product_data": [ + { + "product_name": "Quiz And Survey Master", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "8.1.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "8.1.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-4-unauthenticated-sql-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-4-unauthenticated-sql-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 8.1.5 or a higher version." + } + ], + "value": "Update to 8.1.5 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/29xxx/CVE-2023-29386.json b/2023/29xxx/CVE-2023-29386.json index 2398efadd4a..c28dc8d7cb2 100644 --- a/2023/29xxx/CVE-2023-29386.json +++ b/2023/29xxx/CVE-2023-29386.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-29386", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Julien Crego", + "product": { + "product_data": [ + { + "product_name": "Manager for Icomoon", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/manager-for-icomoon/wordpress-manager-for-icommon-plugin-2-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/manager-for-icomoon/wordpress-manager-for-icommon-plugin-2-0-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.1 or a higher version." + } + ], + "value": "Update to 2.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "deokhunKim (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/33xxx/CVE-2023-33855.json b/2023/33xxx/CVE-2023-33855.json index 5c2e8524fa5..03cae81a44c 100644 --- a/2023/33xxx/CVE-2023-33855.json +++ b/2023/33xxx/CVE-2023-33855.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-33855", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-385 Covert Timing Channel", + "cweId": "CWE-385" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Common Cryptographic Architecture", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.5.36" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7145168", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7145168" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257676", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257676" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/38xxx/CVE-2023-38388.json b/2023/38xxx/CVE-2023-38388.json index 80384cbda67..dd7a067422a 100644 --- a/2023/38xxx/CVE-2023-38388.json +++ b/2023/38xxx/CVE-2023-38388.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38388", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Artbees", + "product": { + "product_data": [ + { + "product_name": "JupiterX Core", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.3.8", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.3.5", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.3.8 or a higher version." + } + ], + "value": "Update to 3.3.8 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/39xxx/CVE-2023-39307.json b/2023/39xxx/CVE-2023-39307.json index 71c5f24503e..5c030d311cb 100644 --- a/2023/39xxx/CVE-2023-39307.json +++ b/2023/39xxx/CVE-2023-39307.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39307", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ThemeFusion", + "product": { + "product_data": [ + { + "product_name": "Avada", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "7.11.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "7.11.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 7.11.2 or a higher version." + } + ], + "value": "Update to 7.11.2 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/41xxx/CVE-2023-41969.json b/2023/41xxx/CVE-2023-41969.json index 1b2d1150426..88ab263f3fa 100644 --- a/2023/41xxx/CVE-2023-41969.json +++ b/2023/41xxx/CVE-2023-41969.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41969", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@zscaler.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", + "cweId": "CWE-59" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zscaler", + "product": { + "product_data": [ + { + "product_name": "Client Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023", + "refsource": "MISC", + "name": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Singapore GovTech Red Team" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2023/41xxx/CVE-2023-41972.json b/2023/41xxx/CVE-2023-41972.json index fee27f48977..0f9733378d6 100644 --- a/2023/41xxx/CVE-2023-41972.json +++ b/2023/41xxx/CVE-2023-41972.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41972", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@zscaler.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zscaler", + "product": { + "product_data": [ + { + "product_name": "Client Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.3.0.121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196", + "refsource": "MISC", + "name": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Singapore GovTech Red Team" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2023/41xxx/CVE-2023-41973.json b/2023/41xxx/CVE-2023-41973.json index 282dcec3c10..fd31a304f2f 100644 --- a/2023/41xxx/CVE-2023-41973.json +++ b/2023/41xxx/CVE-2023-41973.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41973", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@zscaler.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zscaler", + "product": { + "product_data": [ + { + "product_name": "Client Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.3.0.121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196", + "refsource": "MISC", + "name": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Singapore GovTech Red Team" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47150.json b/2023/47xxx/CVE-2023-47150.json index 8e9bace3e90..0a798b29b20 100644 --- a/2023/47xxx/CVE-2023-47150.json +++ b/2023/47xxx/CVE-2023-47150.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47150", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Common Cryptographic Architecture", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.5.36" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7145168", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7145168" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270602", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270602" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47842.json b/2023/47xxx/CVE-2023-47842.json index 8398fe44ad8..1fa32925aec 100644 --- a/2023/47xxx/CVE-2023-47842.json +++ b/2023/47xxx/CVE-2023-47842.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47842", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zachary Segal", + "product": { + "product_data": [ + { + "product_name": "CataBlog", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/catablog/wordpress-catablog-plugin-1-7-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/catablog/wordpress-catablog-plugin-1-7-0-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47846.json b/2023/47xxx/CVE-2023-47846.json index 014959c299f..6d53ff59666 100644 --- a/2023/47xxx/CVE-2023-47846.json +++ b/2023/47xxx/CVE-2023-47846.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47846", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Terry Lin", + "product": { + "product_data": [ + { + "product_name": "WP Githuber MD", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.16.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.16.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-githuber-md/wordpress-wp-githuber-md-plugin-1-16-2-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wp-githuber-md/wordpress-wp-githuber-md-plugin-1-16-2-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.16.3 or a higher version." + } + ], + "value": "Update to 1.16.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47873.json b/2023/47xxx/CVE-2023-47873.json index a697c56cb27..6abd7327094 100644 --- a/2023/47xxx/CVE-2023-47873.json +++ b/2023/47xxx/CVE-2023-47873.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47873", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WEN Solutions", + "product": { + "product_data": [ + { + "product_name": "WP Child Theme Generator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-child-theme-generator/wordpress-wp-child-theme-generator-plugin-1-0-8-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wp-child-theme-generator/wordpress-wp-child-theme-generator-plugin-1-0-8-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dateoljo of BoB 12th (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48275.json b/2023/48xxx/CVE-2023-48275.json index 84bf28c4c6e..0d0f19e01c5 100644 --- a/2023/48xxx/CVE-2023-48275.json +++ b/2023/48xxx/CVE-2023-48275.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48275", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trustindex.io", + "product": { + "product_data": [ + { + "product_name": "Widgets for Google Reviews", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "11.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "11.0.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-reviews-plugin-for-google/wordpress-widgets-for-google-reviews-plugin-11-0-2-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wp-reviews-plugin-for-google/wordpress-widgets-for-google-reviews-plugin-11-0-2-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 11.1 or a higher version." + } + ], + "value": "Update to 11.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48777.json b/2023/48xxx/CVE-2023-48777.json index 56799e29518..b52e16e9ccb 100644 --- a/2023/48xxx/CVE-2023-48777.json +++ b/2023/48xxx/CVE-2023-48777.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48777", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Elementor.com", + "product": { + "product_data": [ + { + "product_name": "Elementor Website Builder", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.18.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.18.1", + "status": "affected", + "version": "3.3.0", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.18.2 or a higher version." + } + ], + "value": "Update to 3.18.2 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "H\u1ed3ng Qu\u00e2n luk6785 at VNPT-VCI (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/50xxx/CVE-2023-50894.json b/2023/50xxx/CVE-2023-50894.json index c435ea02f67..2ced9dc2aea 100644 --- a/2023/50xxx/CVE-2023-50894.json +++ b/2023/50xxx/CVE-2023-50894.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-50894", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-50894", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function allows remote authenticated administrative users to discover cleartext database credentials contained in error report information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://code-white.com", + "refsource": "MISC", + "name": "https://code-white.com" + }, + { + "refsource": "MISC", + "name": "https://code-white.com/public-vulnerability-list/", + "url": "https://code-white.com/public-vulnerability-list/" } ] } diff --git a/2023/50xxx/CVE-2023-50895.json b/2023/50xxx/CVE-2023-50895.json index cd86ea38d8f..862ad9e1782 100644 --- a/2023/50xxx/CVE-2023-50895.json +++ b/2023/50xxx/CVE-2023-50895.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-50895", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-50895", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Janitza GridVis through 9.0.66, exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject project load functionality allow remote authenticated administrative users to execute arbitrary Groovy code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://code-white.com", + "refsource": "MISC", + "name": "https://code-white.com" + }, + { + "refsource": "MISC", + "name": "https://code-white.com/public-vulnerability-list/", + "url": "https://code-white.com/public-vulnerability-list/" } ] } diff --git a/2023/51xxx/CVE-2023-51146.json b/2023/51xxx/CVE-2023-51146.json index ff3f8923b18..355b0e5da87 100644 --- a/2023/51xxx/CVE-2023-51146.json +++ b/2023/51xxx/CVE-2023-51146.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51146", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51146", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_add_user action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/SpikeReply/advisories/blob/main/cve/trendnet/cve-2023-51146.md", + "url": "https://github.com/SpikeReply/advisories/blob/main/cve/trendnet/cve-2023-51146.md" } ] } diff --git a/2023/51xxx/CVE-2023-51147.json b/2023/51xxx/CVE-2023-51147.json index c47bb2b7343..c86b4fcb5c1 100644 --- a/2023/51xxx/CVE-2023-51147.json +++ b/2023/51xxx/CVE-2023-51147.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51147", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51147", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_mod_pwd action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/SpikeReply/advisories/blob/main/cve/trendnet/cve-2023-51147.md", + "url": "https://github.com/SpikeReply/advisories/blob/main/cve/trendnet/cve-2023-51147.md" } ] } diff --git a/2023/51xxx/CVE-2023-51148.json b/2023/51xxx/CVE-2023-51148.json index e5ca7ef858f..0aeddbe5409 100644 --- a/2023/51xxx/CVE-2023-51148.json +++ b/2023/51xxx/CVE-2023-51148.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51148", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51148", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://trendnet.com", + "refsource": "MISC", + "name": "http://trendnet.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/SpikeReply/advisories/blob/main/cve/trendnet/cve-2023-51148.md", + "url": "https://github.com/SpikeReply/advisories/blob/main/cve/trendnet/cve-2023-51148.md" } ] } diff --git a/2023/6xxx/CVE-2023-6091.json b/2023/6xxx/CVE-2023-6091.json index e27fa56210d..f94bd19783a 100644 --- a/2023/6xxx/CVE-2023-6091.json +++ b/2023/6xxx/CVE-2023-6091.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6091", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor.This issue affects Theme Editor: from n/a through 2.7.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mndpsingh287", + "product": { + "product_data": [ + { + "product_name": "Theme Editor", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.8", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.7.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/theme-editor/wordpress-theme-editor-plugin-2-7-1-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/theme-editor/wordpress-theme-editor-plugin-2-7-1-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.8 or a higher version." + } + ], + "value": "Update to 2.8 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dateoljo of BoB 12th (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/7xxx/CVE-2023-7252.json b/2023/7xxx/CVE-2023-7252.json new file mode 100644 index 00000000000..dc363593486 --- /dev/null +++ b/2023/7xxx/CVE-2023-7252.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-7252", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1455.json b/2024/1xxx/CVE-2024-1455.json index 4b289425b15..628dd5b9b88 100644 --- a/2024/1xxx/CVE-2024-1455.json +++ b/2024/1xxx/CVE-2024-1455.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1455", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@huntr.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard python library which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html\n\nThis primarily affects users that combine an LLM (or agent) with the `XMLOutputParser` and expose the component via an endpoint on a web-service. \n\nThis would allow a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser that would compromise the availability of the service.\n\nA successful attack is predicated on:\n\n1. Usage of XMLOutputParser\n2. Passing of malicious input into the XMLOutputParser either directly or by trying to manipulate an LLM to do so on the users behalf\n3. Exposing the component via a web-service" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-776 Improper Restriction of Recursive Entity References in DTDs", + "cweId": "CWE-776" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "langchain-ai", + "product": { + "product_data": [ + { + "product_name": "langchain-ai/langchain", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "latest" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.com/bounties/4353571f-c70d-4bfd-ac08-3a89cecb45b6", + "refsource": "MISC", + "name": "https://huntr.com/bounties/4353571f-c70d-4bfd-ac08-3a89cecb45b6" + } + ] + }, + "source": { + "advisory": "4353571f-c70d-4bfd-ac08-3a89cecb45b6", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/22xxx/CVE-2024-22356.json b/2024/22xxx/CVE-2024-22356.json index c40f0ed9523..c0dfad49200 100644 --- a/2024/22xxx/CVE-2024-22356.json +++ b/2024/22xxx/CVE-2024-22356.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22356", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-117 Improper Output Neutralization for Logs", + "cweId": "CWE-117" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "App Connect Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "11.0.0.1", + "version_value": "11.0.0.23" + }, + { + "version_affected": "<=", + "version_name": "12.0.1.0", + "version_value": "12.0.9.0" + } + ] + } + }, + { + "product_name": "Integration Bus", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "10.1", + "version_value": "10.1.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7145144", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7145144" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280893", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280893" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/23xxx/CVE-2024-23482.json b/2024/23xxx/CVE-2024-23482.json index fcf7ddd8ebf..5e2db536d73 100644 --- a/2024/23xxx/CVE-2024-23482.json +++ b/2024/23xxx/CVE-2024-23482.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23482", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@zscaler.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zscaler", + "product": { + "product_data": [ + { + "product_name": "Client Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.2.0.241" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2024", + "refsource": "MISC", + "name": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2024" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Singapore GovTech Red Team" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/23xxx/CVE-2024-23722.json b/2024/23xxx/CVE-2024-23722.json index dea68a789d0..0472e267175 100644 --- a/2024/23xxx/CVE-2024-23722.json +++ b/2024/23xxx/CVE-2024-23722.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-23722", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-23722", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/fluent/fluent-bit/compare/v2.2.1...v2.2.2", + "refsource": "MISC", + "name": "https://github.com/fluent/fluent-bit/compare/v2.2.1...v2.2.2" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@adurands82/fluent-bit-dos-vulnerability-cve-2024-23722-4e3e74af9d00", + "url": "https://medium.com/@adurands82/fluent-bit-dos-vulnerability-cve-2024-23722-4e3e74af9d00" } ] } diff --git a/2024/25xxx/CVE-2024-25420.json b/2024/25xxx/CVE-2024-25420.json index 49dbc007dff..85b44500272 100644 --- a/2024/25xxx/CVE-2024-25420.json +++ b/2024/25xxx/CVE-2024-25420.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25420", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25420", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.igniterealtime.org/projects/openfire/", + "refsource": "MISC", + "name": "https://www.igniterealtime.org/projects/openfire/" + }, + { + "url": "https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/admin/AdminManager.java", + "refsource": "MISC", + "name": "https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/admin/AdminManager.java" + }, + { + "refsource": "MISC", + "name": "https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421", + "url": "https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421" } ] } diff --git a/2024/25xxx/CVE-2024-25421.json b/2024/25xxx/CVE-2024-25421.json index d95471b8f52..06a66e81a78 100644 --- a/2024/25xxx/CVE-2024-25421.json +++ b/2024/25xxx/CVE-2024-25421.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25421", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25421", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.igniterealtime.org/projects/openfire/", + "refsource": "MISC", + "name": "https://www.igniterealtime.org/projects/openfire/" + }, + { + "url": "https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/LocalMUCRoomManager.java", + "refsource": "MISC", + "name": "https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/LocalMUCRoomManager.java" + }, + { + "refsource": "MISC", + "name": "https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421", + "url": "https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421" } ] } diff --git a/2024/26xxx/CVE-2024-26303.json b/2024/26xxx/CVE-2024-26303.json index 0db6d921953..3cc61d4f8da 100644 --- a/2024/26xxx/CVE-2024-26303.json +++ b/2024/26xxx/CVE-2024-26303.json @@ -1,17 +1,148 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26303", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "ArubaOS-S Switch", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0015 and below" + }, + { + "status": "affected", + "version": "ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC - All versions. " + }, + { + "status": "affected", + "version": "ArubaOS-Switch 16.10.xxxx: WB.16.10.24 and below. " + }, + { + "status": "affected", + "version": "ArubaOS-Switch 16.09.xxxx: All versions. " + }, + { + "status": "affected", + "version": "ArubaOS-Switch 16.08.xxxx: All versions." + }, + { + "status": "affected", + "version": "ArubaOS-Switch 16.07.xxxx: All versions" + }, + { + "status": "affected", + "version": "ArubaOS-Switch 16.06.xxxx: All versions" + }, + { + "status": "affected", + "version": "ArubaOS-Switch 16.05.xxxx: All versions" + }, + { + "status": "affected", + "version": "ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0027 and below" + }, + { + "status": "affected", + "version": "ArubaOS-Switch 16.03.xxxx: All versions" + }, + { + "status": "affected", + "version": "ArubaOS-Switch 16.02.xxxx: All versions" + }, + { + "status": "affected", + "version": "ArubaOS-Switch 16.01.xxxx: All versions" + }, + { + "status": "affected", + "version": "ArubaOS-Switch 15.xx.xxxx: All versions" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-003.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-003.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Adrian Weiss" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27521.json b/2024/27xxx/CVE-2024-27521.json index 3e2ccabaa8f..cc4ddacabd8 100644 --- a/2024/27xxx/CVE-2024-27521.json +++ b/2024/27xxx/CVE-2024-27521.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-27521", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-27521", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the \"setOpModeCfg\" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges (i.e., as user \"root\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://m.totolink.net/portal/article/index/id/410.html", + "refsource": "MISC", + "name": "https://m.totolink.net/portal/article/index/id/410.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/SpikeReply/advisories/blob/main/cve/totolink/cve-2024-27521.md", + "url": "https://github.com/SpikeReply/advisories/blob/main/cve/totolink/cve-2024-27521.md" } ] } diff --git a/2024/28xxx/CVE-2024-28442.json b/2024/28xxx/CVE-2024-28442.json index 9ba8b9891f3..4cae5949ea9 100644 --- a/2024/28xxx/CVE-2024-28442.json +++ b/2024/28xxx/CVE-2024-28442.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28442", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28442", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.yealink.com/en/product-detail/ip-phone-vp59", + "refsource": "MISC", + "name": "https://www.yealink.com/en/product-detail/ip-phone-vp59" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@deepsahu1/cve-2024-28442-yealink-ip-phone-webview-escape-leads-to-sensitive-file-disclosure-via-directory-686ef8f80227", + "url": "https://medium.com/@deepsahu1/cve-2024-28442-yealink-ip-phone-webview-escape-leads-to-sensitive-file-disclosure-via-directory-686ef8f80227" } ] } diff --git a/2024/28xxx/CVE-2024-28545.json b/2024/28xxx/CVE-2024-28545.json index 8ba2b8d45d0..6910397a467 100644 --- a/2024/28xxx/CVE-2024-28545.json +++ b/2024/28xxx/CVE-2024-28545.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28545", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28545", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/setUsbUnload.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/setUsbUnload.md" } ] } diff --git a/2024/28xxx/CVE-2024-28551.json b/2024/28xxx/CVE-2024-28551.json index 3b0b53aa886..ac5dc8a74af 100644 --- a/2024/28xxx/CVE-2024-28551.json +++ b/2024/28xxx/CVE-2024-28551.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28551", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28551", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/form_fast_setting_wifi_set.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/form_fast_setting_wifi_set.md" } ] } diff --git a/2024/29xxx/CVE-2024-29203.json b/2024/29xxx/CVE-2024-29203.json index ff319aef3e9..36534363bae 100644 --- a/2024/29xxx/CVE-2024-29203.json +++ b/2024/29xxx/CVE-2024-29203.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29203", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TinyMCE is an open source rich text editor. A\u00a0cross-site scripting (XSS) vulnerability was discovered in TinyMCE\u2019s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "tinymce", + "product": { + "product_data": [ + { + "product_name": "tinymce", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 6.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f", + "refsource": "MISC", + "name": "https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f" + }, + { + "url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1", + "refsource": "MISC", + "name": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1" + }, + { + "url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types", + "refsource": "MISC", + "name": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types" + }, + { + "url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true", + "refsource": "MISC", + "name": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true" + } + ] + }, + "source": { + "advisory": "GHSA-438c-3975-5x3f", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29401.json b/2024/29xxx/CVE-2024-29401.json index 959fc5da27c..f0b7eabc4e9 100644 --- a/2024/29xxx/CVE-2024-29401.json +++ b/2024/29xxx/CVE-2024-29401.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-29401", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-29401", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/menghaining/PoC/blob/main/xzs-mysql/xzs-mysql%20--%20PoC.md", + "refsource": "MISC", + "name": "https://github.com/menghaining/PoC/blob/main/xzs-mysql/xzs-mysql%20--%20PoC.md" } ] } diff --git a/2024/29xxx/CVE-2024-29684.json b/2024/29xxx/CVE-2024-29684.json index 0e4541d0e0b..cd4df9d265c 100644 --- a/2024/29xxx/CVE-2024-29684.json +++ b/2024/29xxx/CVE-2024-29684.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-29684", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-29684", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/iimiss/cms/blob/main/1.md", + "refsource": "MISC", + "name": "https://github.com/iimiss/cms/blob/main/1.md" } ] } diff --git a/2024/29xxx/CVE-2024-29881.json b/2024/29xxx/CVE-2024-29881.json index fbe8d397248..c672e4d82f7 100644 --- a/2024/29xxx/CVE-2024-29881.json +++ b/2024/29xxx/CVE-2024-29881.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29881", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE\u2019s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "tinymce", + "product": { + "product_data": [ + { + "product_name": "tinymce", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 7.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78", + "refsource": "MISC", + "name": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78" + }, + { + "url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1", + "refsource": "MISC", + "name": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1" + }, + { + "url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types", + "refsource": "MISC", + "name": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types" + }, + { + "url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true", + "refsource": "MISC", + "name": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true" + } + ] + }, + "source": { + "advisory": "GHSA-5359-pvf2-pw78", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29883.json b/2024/29xxx/CVE-2024-29883.json index 02376e5c736..6cf781152a0 100644 --- a/2024/29xxx/CVE-2024-29883.json +++ b/2024/29xxx/CVE-2024-29883.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29883", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "miraheze", + "product": { + "product_data": [ + { + "product_name": "CreateWiki", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0c7c4f93834349be8f5c2a678e9a85b4b1aa7bab" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9", + "refsource": "MISC", + "name": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9" + }, + { + "url": "https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch", + "refsource": "MISC", + "name": "https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch" + }, + { + "url": "https://issue-tracker.miraheze.org/T11993", + "refsource": "MISC", + "name": "https://issue-tracker.miraheze.org/T11993" + } + ] + }, + "source": { + "advisory": "GHSA-8wjf-mxjg-j8p9", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29912.json b/2024/29xxx/CVE-2024-29912.json index cbd53bcc7e7..11b92d91621 100644 --- a/2024/29xxx/CVE-2024-29912.json +++ b/2024/29xxx/CVE-2024-29912.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29912", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Baptiste Plac\u00e9 iCalendrier allows Stored XSS.This issue affects iCalendrier: from n/a through 1.80.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Baptiste Plac\u00e9", + "product": { + "product_data": [ + { + "product_name": "iCalendrier", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.81", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.80", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/icalendrier/wordpress-icalendrier-plugin-1-80-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/icalendrier/wordpress-icalendrier-plugin-1-80-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.81 or a higher version." + } + ], + "value": "Update to 1.81 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "LVT-tholv2k (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2802.json b/2024/2xxx/CVE-2024-2802.json index e2b3b8e30b1..a1c09910a1a 100644 --- a/2024/2xxx/CVE-2024-2802.json +++ b/2024/2xxx/CVE-2024-2802.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1166. Reason: This candidate is a reservation duplicate of CVE-2024-1166. Notes: All CVE users should reference CVE-2024-1166 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2024/2xxx/CVE-2024-2883.json b/2024/2xxx/CVE-2024-2883.json index 21f3b6ddcbd..ef371fb424f 100644 --- a/2024/2xxx/CVE-2024-2883.json +++ b/2024/2xxx/CVE-2024-2883.json @@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2883", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "123.0.6312.86", + "version_value": "123.0.6312.86" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html" + }, + { + "url": "https://issues.chromium.org/issues/327807820", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/327807820" } ] } diff --git a/2024/2xxx/CVE-2024-2885.json b/2024/2xxx/CVE-2024-2885.json index da27fda2c77..0e3c9519528 100644 --- a/2024/2xxx/CVE-2024-2885.json +++ b/2024/2xxx/CVE-2024-2885.json @@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2885", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "123.0.6312.86", + "version_value": "123.0.6312.86" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html" + }, + { + "url": "https://issues.chromium.org/issues/328958020", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/328958020" } ] } diff --git a/2024/2xxx/CVE-2024-2886.json b/2024/2xxx/CVE-2024-2886.json index d64f314e881..daff53b301d 100644 --- a/2024/2xxx/CVE-2024-2886.json +++ b/2024/2xxx/CVE-2024-2886.json @@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2886", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "123.0.6312.86", + "version_value": "123.0.6312.86" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html" + }, + { + "url": "https://issues.chromium.org/issues/330575496", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/330575496" } ] } diff --git a/2024/2xxx/CVE-2024-2887.json b/2024/2xxx/CVE-2024-2887.json index 3f0d2d0d69c..37f5373a9b0 100644 --- a/2024/2xxx/CVE-2024-2887.json +++ b/2024/2xxx/CVE-2024-2887.json @@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2887", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "123.0.6312.86", + "version_value": "123.0.6312.86" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html" + }, + { + "url": "https://issues.chromium.org/issues/330588502", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/330588502" } ] } diff --git a/2024/2xxx/CVE-2024-2891.json b/2024/2xxx/CVE-2024-2891.json index c578f218084..362bdd7c0e5 100644 --- a/2024/2xxx/CVE-2024-2891.json +++ b/2024/2xxx/CVE-2024-2891.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2891", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Tenda AC7 15.03.06.44 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion formQuickIndex der Datei /goform/QuickIndex. Mittels Manipulieren des Arguments PPPOEPassword mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC7", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.06.44" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257934", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257934" + }, + { + "url": "https://vuldb.com/?ctiid.257934", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257934" + }, + { + "url": "https://vuldb.com/?submit.300354", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.300354" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formQuickIndex.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formQuickIndex.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2901.json b/2024/2xxx/CVE-2024-2901.json index d9d8fa4fa18..936851c30e3 100644 --- a/2024/2xxx/CVE-2024-2901.json +++ b/2024/2xxx/CVE-2024-2901.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2901", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257944. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Tenda AC7 15.03.06.44 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es die Funktion setSchedWifi der Datei /goform/openSchedWifi. Mittels dem Manipulieren des Arguments schedEndTime mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC7", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.06.44" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257944", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257944" + }, + { + "url": "https://vuldb.com/?ctiid.257944", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257944" + }, + { + "url": "https://vuldb.com/?submit.300367", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.300367" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/setSchedWifi.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/setSchedWifi.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_tutu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2902.json b/2024/2xxx/CVE-2024-2902.json index 79af6dbedeb..dc16b585090 100644 --- a/2024/2xxx/CVE-2024-2902.json +++ b/2024/2xxx/CVE-2024-2902.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2902", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257945 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Tenda AC7 15.03.06.44 gefunden. Davon betroffen ist die Funktion fromSetWifiGusetBasic der Datei /goform/WifiGuestSet. Mittels Manipulieren des Arguments shareSpeed mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC7", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.06.44" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257945", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257945" + }, + { + "url": "https://vuldb.com/?ctiid.257945", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257945" + }, + { + "url": "https://vuldb.com/?submit.300449", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.300449" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromSetWifiGusetBasic.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromSetWifiGusetBasic.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_tutu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2903.json b/2024/2xxx/CVE-2024-2903.json index aa328478bf5..a76ccd20660 100644 --- a/2024/2xxx/CVE-2024-2903.json +++ b/2024/2xxx/CVE-2024-2903.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2903", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257946 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Tenda AC7 15.03.06.44 ausgemacht. Hiervon betroffen ist die Funktion GetParentControlInfo der Datei /goform/GetParentControlInfo. Durch das Manipulieren des Arguments mac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC7", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.06.44" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257946", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257946" + }, + { + "url": "https://vuldb.com/?ctiid.257946", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257946" + }, + { + "url": "https://vuldb.com/?submit.300452", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.300452" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/GetParentControlInfo.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/GetParentControlInfo.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_tutu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2908.json b/2024/2xxx/CVE-2024-2908.json new file mode 100644 index 00000000000..32e45425170 --- /dev/null +++ b/2024/2xxx/CVE-2024-2908.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2908", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2909.json b/2024/2xxx/CVE-2024-2909.json new file mode 100644 index 00000000000..9e0588110b6 --- /dev/null +++ b/2024/2xxx/CVE-2024-2909.json @@ -0,0 +1,110 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-2909", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itbox_pi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Ruijie RG-EG350 bis 20240318 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion setAction der Datei /itbox_pi/networksafe.php?a=set der Komponente HTTP POST Request Handler. Mittels dem Manipulieren des Arguments bandwidth mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ruijie", + "product": { + "product_data": [ + { + "product_name": "RG-EG350", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20240318" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257977", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257977" + }, + { + "url": "https://vuldb.com/?ctiid.257977", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257977" + }, + { + "url": "https://vuldb.com/?submit.300368", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.300368" + }, + { + "url": "https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20EG350%20Easy%20Gateway%20Management%20System%20Exists%20Remote%20Code%20Execution%20Vulnerability%20networksafe.php.pdf", + "refsource": "MISC", + "name": "https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20EG350%20Easy%20Gateway%20Management%20System%20Exists%20Remote%20Code%20Execution%20Vulnerability%20networksafe.php.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "H0e4a0r1t (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2910.json b/2024/2xxx/CVE-2024-2910.json new file mode 100644 index 00000000000..49c7d73c059 --- /dev/null +++ b/2024/2xxx/CVE-2024-2910.json @@ -0,0 +1,110 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-2910", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itbox_pi/vpn_quickset_service.php?a=set_vpn of the component HTTP POST Request Handler. The manipulation of the argument ip/port/user/pass/dns/startIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257978 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Ruijie RG-EG350 bis 20240318 entdeckt. Betroffen davon ist die Funktion vpnAction der Datei /itbox_pi/vpn_quickset_service.php?a=set_vpn der Komponente HTTP POST Request Handler. Mittels Manipulieren des Arguments ip/port/user/pass/dns/startIp mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ruijie", + "product": { + "product_data": [ + { + "product_name": "RG-EG350", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20240318" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257978", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257978" + }, + { + "url": "https://vuldb.com/?ctiid.257978", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257978" + }, + { + "url": "https://vuldb.com/?submit.300372", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.300372" + }, + { + "url": "https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20EG350%20Easy%20Gateway%20Management%20System%20Exists%20Remote%20Code%20Execution%20Vulnerability_vpn_quickset_service.php.pdf", + "refsource": "MISC", + "name": "https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20EG350%20Easy%20Gateway%20Management%20System%20Exists%20Remote%20Code%20Execution%20Vulnerability_vpn_quickset_service.php.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "H0e4a0r1t (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2911.json b/2024/2xxx/CVE-2024-2911.json new file mode 100644 index 00000000000..03a6029d46f --- /dev/null +++ b/2024/2xxx/CVE-2024-2911.json @@ -0,0 +1,110 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-2911", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257979. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in Tianjin PubliCMS 4.0.202302.e gefunden. Betroffen hiervon ist ein unbekannter Ablauf. Durch das Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tianjin", + "product": { + "product_data": [ + { + "product_name": "PubliCMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.202302.e" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257979", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257979" + }, + { + "url": "https://vuldb.com/?ctiid.257979", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257979" + }, + { + "url": "https://vuldb.com/?submit.300339", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.300339" + }, + { + "url": "https://github.com/sweatxi/BugHub/blob/main/publiccms_csrf.pdf", + "refsource": "MISC", + "name": "https://github.com/sweatxi/BugHub/blob/main/publiccms_csrf.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "hexixi (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2912.json b/2024/2xxx/CVE-2024-2912.json new file mode 100644 index 00000000000..fa25b16377c --- /dev/null +++ b/2024/2xxx/CVE-2024-2912.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2912", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2913.json b/2024/2xxx/CVE-2024-2913.json new file mode 100644 index 00000000000..5637686c3b8 --- /dev/null +++ b/2024/2xxx/CVE-2024-2913.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2913", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2914.json b/2024/2xxx/CVE-2024-2914.json new file mode 100644 index 00000000000..fff9fa1365a --- /dev/null +++ b/2024/2xxx/CVE-2024-2914.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2914", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2915.json b/2024/2xxx/CVE-2024-2915.json index de65942c6bd..f9d84c43491 100644 --- a/2024/2xxx/CVE-2024-2915.json +++ b/2024/2xxx/CVE-2024-2915.json @@ -1,70 +1,18 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2915", - "ASSIGNER": "security@devolutions.net", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request.\n\n" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Devolutions", - "product": { - "product_data": [ - { - "product_name": "Server", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "0", - "version_value": "2024.1.6" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://devolutions.net/security/advisories/DEVO-2024-0005", - "refsource": "MISC", - "name": "https://devolutions.net/security/advisories/DEVO-2024-0005" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2916.json b/2024/2xxx/CVE-2024-2916.json index ed70b25d404..b531276389a 100644 --- a/2024/2xxx/CVE-2024-2916.json +++ b/2024/2xxx/CVE-2024-2916.json @@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2916", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file ajax.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257982 is the identifier assigned to this vulnerability." - }, - { - "lang": "deu", - "value": "Es wurde eine kritische Schwachstelle in Campcodes House Rental Management System 1.0 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei ajax.php. Durch Beeinflussen des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Campcodes", - "product": { - "product_data": [ - { - "product_name": "House Rental Management System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.257982", - "refsource": "MISC", - "name": "https://vuldb.com/?id.257982" - }, - { - "url": "https://vuldb.com/?ctiid.257982", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.257982" - }, - { - "url": "https://vuldb.com/?submit.303671", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.303671" - }, - { - "url": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System%20-%20vuln%201.pdf", - "refsource": "MISC", - "name": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System%20-%20vuln%201.pdf" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 7.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 7.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 7.5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2917.json b/2024/2xxx/CVE-2024-2917.json index f0789b39c53..072d5c92a42 100644 --- a/2024/2xxx/CVE-2024-2917.json +++ b/2024/2xxx/CVE-2024-2917.json @@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2917", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257983." - }, - { - "lang": "deu", - "value": "In Campcodes House Rental Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei index.php. Dank der Manipulation des Arguments page mit unbekannten Daten kann eine file inclusion-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-73 File Inclusion", - "cweId": "CWE-73" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Campcodes", - "product": { - "product_data": [ - { - "product_name": "House Rental Management System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.257983", - "refsource": "MISC", - "name": "https://vuldb.com/?id.257983" - }, - { - "url": "https://vuldb.com/?ctiid.257983", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.257983" - }, - { - "url": "https://vuldb.com/?submit.303672", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.303672" - }, - { - "url": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System%20-%20vuln%202.pdf", - "refsource": "MISC", - "name": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System%20-%20vuln%202.pdf" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 5.4, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 5.4, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 5.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2918.json b/2024/2xxx/CVE-2024-2918.json new file mode 100644 index 00000000000..3549154263d --- /dev/null +++ b/2024/2xxx/CVE-2024-2918.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2918", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2919.json b/2024/2xxx/CVE-2024-2919.json new file mode 100644 index 00000000000..c1bf1e65173 --- /dev/null +++ b/2024/2xxx/CVE-2024-2919.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2919", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2920.json b/2024/2xxx/CVE-2024-2920.json new file mode 100644 index 00000000000..1befd03730b --- /dev/null +++ b/2024/2xxx/CVE-2024-2920.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2920", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2921.json b/2024/2xxx/CVE-2024-2921.json index bf226f36eb0..b71295620f6 100644 --- a/2024/2xxx/CVE-2024-2921.json +++ b/2024/2xxx/CVE-2024-2921.json @@ -1,70 +1,18 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2921", - "ASSIGNER": "security@devolutions.net", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper access control in PAM vault permissions in Devolutions Server 2024.1.6 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions.\n\n" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Devolutions", - "product": { - "product_data": [ - { - "product_name": "Server", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "0", - "version_value": "2024.1.6" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://devolutions.net/security/advisories/DEVO-2024-0005", - "refsource": "MISC", - "name": "https://devolutions.net/security/advisories/DEVO-2024-0005" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2922.json b/2024/2xxx/CVE-2024-2922.json new file mode 100644 index 00000000000..007d136a69c --- /dev/null +++ b/2024/2xxx/CVE-2024-2922.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2922", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2923.json b/2024/2xxx/CVE-2024-2923.json new file mode 100644 index 00000000000..ef64b287342 --- /dev/null +++ b/2024/2xxx/CVE-2024-2923.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2923", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2955.json b/2024/2xxx/CVE-2024-2955.json index a91e2033489..efa00b2e445 100644 --- a/2024/2xxx/CVE-2024-2955.json +++ b/2024/2xxx/CVE-2024-2955.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2955", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-762: Mismatched Memory Management Routines", + "cweId": "CWE-762" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.2.0", + "version_value": "4.2.4" + }, + { + "version_affected": "<", + "version_name": "4.0.0", + "version_value": "4.0.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wireshark.org/security/wnpa-sec-2024-06.html", + "refsource": "MISC", + "name": "https://www.wireshark.org/security/wnpa-sec-2024-06.html" + }, + { + "url": "https://gitlab.com/wireshark/wireshark/-/issues/19695", + "refsource": "MISC", + "name": "https://gitlab.com/wireshark/wireshark/-/issues/19695" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 4.2.4 or above." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/2xxx/CVE-2024-2963.json b/2024/2xxx/CVE-2024-2963.json new file mode 100644 index 00000000000..9ab22d96183 --- /dev/null +++ b/2024/2xxx/CVE-2024-2963.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2963", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2964.json b/2024/2xxx/CVE-2024-2964.json new file mode 100644 index 00000000000..4dfdcf774a1 --- /dev/null +++ b/2024/2xxx/CVE-2024-2964.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2964", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2965.json b/2024/2xxx/CVE-2024-2965.json new file mode 100644 index 00000000000..6196517dd79 --- /dev/null +++ b/2024/2xxx/CVE-2024-2965.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2965", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2966.json b/2024/2xxx/CVE-2024-2966.json new file mode 100644 index 00000000000..5c20c5a413e --- /dev/null +++ b/2024/2xxx/CVE-2024-2966.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2966", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2967.json b/2024/2xxx/CVE-2024-2967.json new file mode 100644 index 00000000000..33755eb7877 --- /dev/null +++ b/2024/2xxx/CVE-2024-2967.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2967", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2968.json b/2024/2xxx/CVE-2024-2968.json new file mode 100644 index 00000000000..df139f31914 --- /dev/null +++ b/2024/2xxx/CVE-2024-2968.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2968", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2969.json b/2024/2xxx/CVE-2024-2969.json new file mode 100644 index 00000000000..182fcbc5f2f --- /dev/null +++ b/2024/2xxx/CVE-2024-2969.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2969", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2970.json b/2024/2xxx/CVE-2024-2970.json new file mode 100644 index 00000000000..6f014dee299 --- /dev/null +++ b/2024/2xxx/CVE-2024-2970.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2970", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2971.json b/2024/2xxx/CVE-2024-2971.json new file mode 100644 index 00000000000..b83ecae6de5 --- /dev/null +++ b/2024/2xxx/CVE-2024-2971.json @@ -0,0 +1,95 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-2971", + "ASSIGNER": "xpdf@xpdfreader.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Xpdf", + "product": { + "product_data": [ + { + "product_name": "Xpdf", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "4.05" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.xpdfreader.com/security-bug/CVE-2024-2971.html", + "refsource": "MISC", + "name": "https://www.xpdfreader.com/security-bug/CVE-2024-2971.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Song Jiaxuan (Huazhong University of Science and Technology)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 2.9, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2986.json b/2024/2xxx/CVE-2024-2986.json new file mode 100644 index 00000000000..5313f761598 --- /dev/null +++ b/2024/2xxx/CVE-2024-2986.json @@ -0,0 +1,110 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-2986", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion formSetSpeedWan der Datei /goform/SetSpeedWan. Durch das Manipulieren des Arguments speed_dir mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1202", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.0.14(408)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258155", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258155" + }, + { + "url": "https://vuldb.com/?ctiid.258155", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258155" + }, + { + "url": "https://vuldb.com/?submit.301284", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.301284" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/SetSpeedWan.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/SetSpeedWan.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_tu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30258.json b/2024/30xxx/CVE-2024-30258.json new file mode 100644 index 00000000000..781f4789567 --- /dev/null +++ b/2024/30xxx/CVE-2024-30258.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30258", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30259.json b/2024/30xxx/CVE-2024-30259.json new file mode 100644 index 00000000000..607499f9634 --- /dev/null +++ b/2024/30xxx/CVE-2024-30259.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30259", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30260.json b/2024/30xxx/CVE-2024-30260.json new file mode 100644 index 00000000000..3b7cc0df878 --- /dev/null +++ b/2024/30xxx/CVE-2024-30260.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30260", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30261.json b/2024/30xxx/CVE-2024-30261.json new file mode 100644 index 00000000000..4f344adb26f --- /dev/null +++ b/2024/30xxx/CVE-2024-30261.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30261", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30262.json b/2024/30xxx/CVE-2024-30262.json new file mode 100644 index 00000000000..2baa9dbe9e0 --- /dev/null +++ b/2024/30xxx/CVE-2024-30262.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30262", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30263.json b/2024/30xxx/CVE-2024-30263.json new file mode 100644 index 00000000000..676585ccf6f --- /dev/null +++ b/2024/30xxx/CVE-2024-30263.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30263", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30264.json b/2024/30xxx/CVE-2024-30264.json new file mode 100644 index 00000000000..e92584e127b --- /dev/null +++ b/2024/30xxx/CVE-2024-30264.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30264", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30265.json b/2024/30xxx/CVE-2024-30265.json new file mode 100644 index 00000000000..ab1dce9e543 --- /dev/null +++ b/2024/30xxx/CVE-2024-30265.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30265", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30266.json b/2024/30xxx/CVE-2024-30266.json new file mode 100644 index 00000000000..02141ec538e --- /dev/null +++ b/2024/30xxx/CVE-2024-30266.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30266", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30267.json b/2024/30xxx/CVE-2024-30267.json new file mode 100644 index 00000000000..11adaa5c6c1 --- /dev/null +++ b/2024/30xxx/CVE-2024-30267.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30267", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30268.json b/2024/30xxx/CVE-2024-30268.json new file mode 100644 index 00000000000..2cbb9dec38c --- /dev/null +++ b/2024/30xxx/CVE-2024-30268.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30268", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30269.json b/2024/30xxx/CVE-2024-30269.json new file mode 100644 index 00000000000..c97b49517ef --- /dev/null +++ b/2024/30xxx/CVE-2024-30269.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30269", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30270.json b/2024/30xxx/CVE-2024-30270.json new file mode 100644 index 00000000000..9126e2a5adc --- /dev/null +++ b/2024/30xxx/CVE-2024-30270.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30270", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30799.json b/2024/30xxx/CVE-2024-30799.json new file mode 100644 index 00000000000..28b51eb1253 --- /dev/null +++ b/2024/30xxx/CVE-2024-30799.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30799", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31051.json b/2024/31xxx/CVE-2024-31051.json new file mode 100644 index 00000000000..1ba65935bdc --- /dev/null +++ b/2024/31xxx/CVE-2024-31051.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31051", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file